
Guarantees if 1Password is hacked

[Deleted User]
Community Member
edited April 2022 in Memberships

I'm hoping to get a truly honest answer here, so I will be very blunt in my question.

Prior to 1Password 8, if I chose not to use the cloud to store my password (whether it be the 1P cloud, iCloud or Dropbox, etc.), the security of my passwords was drastically increased as, short of physical access to my computer, no one else could get to my passwords. Even if I did choose to use a cloud, say iCloud, there was a certain onus on my part understanding the risks of using a cloud service. However, with 1P8 I have no choice but to use the cloud, and thus the onus of responsibility for the security and protection of my most valuable data is 100% with AgileBits.

So here's the question: What steps will AgileBits take if the 1Password cloud is completely compromised?

I am fully aware of the various forms of security AgileBits has implemented, and I am also aware that 1Password has never been hacked, but if the internet has shown us anything it is that there is no such thing as 100% security. As such, in the unlikely event that a massive security breach occurred, will AgileBits provide me with identity theft protection, will they help me in resetting ALL of my passwords?

Without these kinds of guarantees, why should I trust AgileBits and the 1Password cloud?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • [Deleted User]
    Community Member

    @Ragnorok 1Password encrypts your data with your account password and secret key. These never leave your device as the server uses the secure remote password protocol to check you have them. Together these make the data on 1Password's servers useless to an attacker who doesn't also have your account password and secret key.

    So a successful attack would need to involve the compromise of 1Password's software and/or the compromise of your device. This is no different to the situation you would have been in when managing your own data storage. The location of the data is not relevant as in both cases 1Password's software and your device have access to it.

  • This is a difficult question that, as you might imagine, doesn't have an easy answer. To start things off, I think it's important to note that what @rootzero has stated is absolutely true, and the facts there are a large part of what makes 1Password's service so secure. 1Password (the company) does not have access to your data. The data within your vault is encrypted using secrets that only you have access to, those being your account password and your Secret Key. The Secret Key in particular plays a huge part in the answer to the question "what if 1Password gets hacked?" Given that it's long, random, and unique, and that every 1Password user has one, an attacker who successfully compromises 1Password's servers would have no way of running guessing attacks to try to decrypt the encrypted data that they'd acquired. And in fact, even if that attacker did run guessing attacks, and they were somehow able to successfully guess your account password, they'd have no idea that they made a correct guess. Without both secrets at once, an attacker would be left with nothing. And it's important to remember that each user of 1Password has their own unique account password and Secret Key, so even an attacker who is successfully able to guess both at once for one user would need to do it literally millions of times over again in order to compromise all of the acquired 1Password data. Your Secret Key is specifically meant to protect you from us and anything that might happen on our end, including a compromise of 1Password's service.

    With that being said, I think the additional "risk" that comes with using 1Password's service as opposed to your own device is relative to your personal threat model. If you consider yourself someone who might be personally targeted by a powerful attacker, then you may end up somewhat vulnerable either way. Rather than attempting to compromise 1Password itself in order to get to your data, or run guessing attacks to try to figure out your account password and Secret Key at once, it'd be much easier for a sufficiently powerful attacker to attempt a spear-phishing attack to either acquire the credentials that they're after within your vault or to somehow infect your device with one of the various, nasty flavors of malware that we all see in the news every week. Those attacks are common because they work, and because the human element of personal computing is usually the weakest link. On the other end of the spectrum, we're currently offering one million dollars to anyone who can successfully capture the flag via our Bugcrowd program. It hasn't been done.

    All of this is to say that you're absolutely right by stating that there is no such thing as 100% security, no matter what you're using. As such, any sort of "guarantee" that I could make here would be somewhat pointless, if not completely false. You will never see a 1Password employee state that 1Password could never be hacked. Rather, 1Password has been built in such a way that it anticipates attack. We are incapable of granting access to data that we don't have access to ourselves. That's a foundational rule upon which 1Password has been built. This is documented best in 1Password's Security Design white paper, which goes over everything from the basics of how 1Password fundamentally works to the complex math behind some of the features in use (like Secure Remote Password). It's not exactly a page-turner, but if you're interested in the subject, I'd strongly recommend giving it a read.
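As an added illustration of the point made in the two replies above (this is not 1Password's own code, and its real key derivation and cipher are the ones specified in the Security Design white paper, not this toy model), a Python sketch of a vault key that depends on both the account password and a device-held Secret Key: an attacker holding only the stolen ciphertext and salt gets nothing from a wordlist, and a correct password guess is indistinguishable from a wrong one. The work factor, the 128-bit Secret Key length and the SHA-256 counter-mode stream are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy model of a vault key derived from BOTH an account password and a long random
# Secret Key. Added illustration only: NOT 1Password's real scheme or cipher.
SECRET_KEY_BYTES = 16        # 128 bits of device-generated randomness (assumed)

def derive_vault_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    # Slow-hash the password (assumed PBKDF2 work factor), then mix in the Secret
    # Key, so a correct password guess without the Secret Key yields an unrelated key.
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(secret_key, pw_key, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from SHA-256 (illustrative, not a vetted cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()    # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # wrong key: no plaintext, and no hint which secret was wrong
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def demo():
    # Constructed sample: a deliberately weak password, to show that the Secret Key
    # (not password strength) is what defeats offline guessing against stolen data.
    password, salt = "password123", secrets.token_bytes(16)
    secret_key = secrets.token_bytes(SECRET_KEY_BYTES)
    vault = encrypt(derive_vault_key(password, secret_key, salt), b"login: alice / hunter2")
    # Server breach: attacker holds ciphertext and salt but not the device-held Secret
    # Key, so every password guess must be paired with one of 2**128 Secret Key guesses.
    wordlist = ["123456", "password", "password123", "letmein"]
    hits = sum(decrypt(derive_vault_key(p, bytes(SECRET_KEY_BYTES), salt), vault) is not None
               for p in wordlist)                 # 0: the correct password is indistinguishable
    recovered = decrypt(derive_vault_key(password, secret_key, salt), vault)  # user has both
    return hits, recovered

if __name__ == "__main__":
    print(demo())
```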

  • sporkmanx
    Community Member

    What really bugs me about this (cloud-dependent versions) is that it's basically a money grab in addition to giving us less control over our passwords.

    The old 1Password versions could work standalone, and sync to any "cloud" (including something under your own control), could fully function without internet connectivity, and did not require you to ever type your master password into a browser/extension window. Sure, we know, 1Password has no breaches anyone knows about, and in theory we can trust our browsers and javascript to be 100% secure (lol), and our keys are safe, etc. but K.I.S.S. always wins in security, as it ends up addressing a whole ton of unknowns.

    But as we move to "renting" our software, even companies like AgileBits, with enough customers to easily sustain development and growth while still selling a "standalone" version, feel the need to force us into this model that prioritizes a whole slew of things over security because it means some C-suite dudes get boats or whatever.

    If I had other options, I'd be shopping, but market domination, baby!

This discussion has been closed.